A query string authentication provider is a non-SAML service that allows users to log in to a web portal, select a web service or application, and automatically be authenticated and signed in without having to re-enter credentials.

What can you do with Workspace ONE UEM Query String Authentication Settings

To access the Query String Authentication Settings navigate to Groups & Settings > All Settings > System > Advanced > Query String Authentication.

  • Enable Query String Authentication

Determine your Organization group hierarchy

Before you review and modify the settings, understand the two types of inheritance/override options for the organization group hierarchy available at the top and bottom of the settings page and determine your choice. For more information about these settings, see Override Versus Inherit Setting for Organization Groups.
  • Current Setting – Select whether to Inherit or Override the displayed settings. Inherit means use the settings of the current organization group's parent OG, while Override enables the settings for editing so you can modify the current OG's settings directly.
  • Child Permission – Select the available behavior of child organization groups that exist below the currently selected organization group. Inherit only means child OGs are only allowed to inherit these settings. Override only means they override the settings, and Inherit or Override means you can choose to inherit or override settings in child OGs that exist below the currently selected OG.
Setting Description
Enable Query String Authentication Select to enable the feature.
Parameter Name

Enter the query string parameter name in the Parameter Name field. This must be a single value – multiple parameter names are not supported. This is the value that Workspace ONE UEM uses to recognize the login request.

This parameter name comes from your query string authentication provider. Consult your authentication provider for instructions on retrieving this information.

Session Validation URL Enter the URL of the query string authentication provider instance. It is used for session validation and administrator account details retrieval. If needed, you can include a port number for network traffic as part of the URL.

An example of the login request to the Workspace ONE UEM console would be: https://acme.mdm.com/login?<Parameter>=<session_ID>, where acme.mdm.com is the URL of your UEM console, <Parameter> is the parameter name, and <session_ID> is the session ID passed from the query string authentication provider to Workspace ONE UEM for authentication.